The objective is to pass Isolate around in V8 bindings.
This patch adds an Isolate parameter to setJSWrapperForXXX()
and passes Isolate to setJSWrapperForXXX() in CodeGeneratorV8.pm.
I'll pass Isolate to setJSWrapperForXXX() in custom bindings
in a follow-up patch.

This change reverts back to using processingUserGesture() instead
of DOMWindow::allowPopUp(). This fixes incorrect behavior in
at least the Chromium port and is consistent with the cited
definition of "allowed to show a pop-up":

An algorithm is allowed to show a pop-up if, in the task in which the algorithm is running, either:

an activation behavior is currently being processed whose click event was trusted, or

Enable ctrl-arrow moves caret by word in visual order in non-Windows platforms that use ICU word
break iterator (it is not enabled for WinCE and Qt where ICU is not used). For those platforms, ctrl-arrow
moves caret to word break position before spaces. For example, given a logical text "abc def hij", the word
break positions using ctrl-left-arrow from rightmost position are "|abc |def |hij".
The word break positions using ctrl-right-arrow from leftmost position are "abc| def| hij|".

Test: editing/selection/move-by-word-visually-mac.html

editing/EditingBehavior.h:

(EditingBehavior):
(WebCore::EditingBehavior::shouldEatSpaceToNextWord): To control different word break positions
(regards to space) for different platforms.

editing/FrameSelection.cpp:

(WebCore::FrameSelection::modifyMovingRight): Enable visual word movement for all platforms that use ICU.
(WebCore::FrameSelection::modifyMovingLeft):

editing/visible_units.cpp:

(WebCore::visualWordPosition): Determine the right word break position (regards to space) based on EditingBehavior.
(WebCore::leftWordPosition):
(WebCore::rightWordPosition):

(WebCore::PNGImageDecoder::rowAvailable): Check interlace buffer allocations
and bail via longjmp on failure. Note PNG_INTERLACE_ADAM7 is the only libpng
supported interlace type so test for it explicitly.

PNGImageDecoder supports image downsampling. Add ENABLE guards to show where
downsampling is applied when outputting decoded rows to the frame buffer. Most
ports don't enable the flag: don't penalize them in terms speed in this tight
row pixel write loop. s/y/destY/ to match setRGBA() and amend some comments.

I would remove the whole function, but doing so opens a whole can of worms
as this override is public, yet normally this function is *private* (well protected on RenderBox).
It seems plausible that frame flattening code needs this override since it doesn't always
call the min/maxPreferredWidth() calls which normally automatically call this compute*
function if the pref-widths are dirty.
Instead of trying to track that all down, I'm just removing this line, and we'll go
back and remove the whole function at a later date if possible.

This also adds support for the seamless sandbox flag from HTML 5.
The sandbox flag is not speficially overridable in the current HTML5,
but it is set (like all sandbox flags) by default when sandbox is specified.
Unfortunately this support is not yet observable in this patch, as
this patch adds not observable features of seamless.

I noticed that my previous testing did not confirm that iframes marked
for seamless (but not possible to display as seamless due to sandbox, etc.)
were still to have this seamless styling. I've added additional testing for this case.

I also added another test for the about:blank FIXME added as part of this change.

In order to support srcdoc w/ seamless, we needed to move the srcdoc determination
sooner in the initSecurityContext function (before the should-inherit early return).

The next patch will make seamless actually observable from JS/DOM, this one
just lays down all the plumbing, and separates the security aspects for
easy review.

I also added a new test for about:blank iframes (per a code-FIXME)
as well as some new testing to confirm that the default seamless-CSS style
applies even when iframes cannot render seamless due to security restrictions.

fast/frames/seamless/seamless-basic-expected.txt:

fast/frames/seamless/seamless-basic.html:

fast/frames/seamless/seamless-inherited-origin-expected.txt: Added.

fast/frames/seamless/seamless-inherited-origin.html: Added.

fast/frames/seamless/seamless-inline-expected.txt:

fast/frames/seamless/seamless-min-max-expected.txt:

fast/frames/seamless/seamless-nested-expected.txt:

fast/frames/seamless/seamless-quirks-expected.txt:

fast/frames/seamless/seamless-sandbox-flag-expected.txt:

fast/frames/seamless/seamless-sandbox-flag.html:

fast/frames/seamless/seamless-sandbox-srcdoc-expected.txt:

http/tests/security/seamless/seamless-cross-origin-expected.txt:

http/tests/security/seamless/seamless-sandbox-srcdoc-expected.txt:

svg/in-html/by-reference.html: was using seamless, but really doens't want to, doing so just adds noise.

NATIVE_FULLSCREEN_VIDEO means the fullscreen video is implemented by native
system view instead of webkit.
So it is more appropriate to use USE(NATIVE_FULLSCREEN_VIDEO).
This chagne also disabled the rendering of the fullscreen video element in webkit
when that flag is set.
Just renaming the variable, no new tests.

dom/Document.cpp:

(WebCore::Document::webkitWillEnterFullScreenForElement):
(WebCore):

platform/graphics/MediaPlayer.cpp:

(WebCore):

platform/graphics/MediaPlayer.h:

(MediaPlayer):

platform/graphics/MediaPlayerPrivate.h:

(MediaPlayerPrivateInterface):

Source/WebKit/chromium:

NATIVE_FULLSCREEN_VIDEO means the fullscreen video is implemented by native
system view instead of webkit
So it is more appropriate to use USE(NATIVE_FULLSCREEN_VIDEO).
Just rename the flag, no new tests

This chage forces us to allocate RenderLayers for overflow: hidden as it has been causing several
regressions. It leaves all of the scaffolding around to keep the change small. See bug 83954 for
the proper revert for trunk.

Remove the dependency on *Command.h files from Mac port's WebKit layer.
Also wrapped the call to TypingCommand::insertParagraphSeparatorInQuotedContent in the Editor class
so that we can just expose Editor's method instead of directly exposing the said static method.

Remove one bit from m_column (which should be fine as I wouldn't expect tables above 1 millions
columns to render at all anyway) to pack the bitfields in 32 bits. Re-arranged the bits to have the bigger
bitfield first.

Implements a naive dominator calculator, which is currently just used to
print information in graph dumps. I've enabled it by default mainly to
be able to track its performance impact. So far it appears that there is
none, which is unsurprising given that the number of basic blocks in most
procedures is small.

Also tweaked bytecode dumping to reveal more useful information about the
nature of the code block.

Added a bitvector class suitable for cheap static analysis. This class
differs from BitVector in that instead of optimizing for space, it
optimizes for execution time. Its API is also somewhat less friendly,
which is intentional; it's meant to be used in places where you know
up front how bit your bitvectors are going to be.

(WebCore::Page::startCountingRelevantRepaintedObjects):
Set m_isCountingRelevantRepaintedObjects to true after calling reset, since reset now sets it to false.

(WebCore::Page::resetRelevantPaintedObjectCounter):
Set m_isCountingRelevantRepaintedObjects to false.

(WebCore::Page::addRelevantRepaintedObject):
Use HashSet::find to avoid an extra hash lookup.

page/scrolling/ScrollingCoordinator.cpp:

(WebCore::ScrollingCoordinator::updateMainFrameScrollPositionAndScrollLayerPosition):
Remove the call to FrameView::updateCompositingLayersAfterLayout now, since FrameView::notifyScrollPositionChanged
already calls this and was making us to a lot of work twice.

A few of the dfg operations failed to correctly set the topCallFrame,
and so everything goes wrong. This patch corrects the effected operations,
and makes debug builds poison topCallFrame before calling a dfg operation.

The new preTargetedNode parameter can be used to pass in the Node that is
the target of the GestureTap event. If this parameter is used, adjustedPoint
is changed to be the center of the Node's bounding rectangle.

DOMWindowExtension::disconnectFrame assumed it would only be called when there was a frame
to disconnect. However, DOMWindow's destructor invokes disconnectFrame on all its
DOMWindowProperties, even if it already did so when it entered the page cache.

page/DOMWindowExtension.cpp:

(WebCore::DOMWindowExtension::disconnectFrame):
Don't do anything if the frame has already been disconnected.

Source/WebCore: Temporarily remove webkitSourceAddId() & webkitSourceRemoveId() from DOM
until the rest of the Media Source v0.5 methods are implemented. This is
to prevent ambiguity about whether v0.5 is fully supported or not.​https://bugs.webkit.org/show_bug.cgi?id=85295

These are all test cases which were written as part of implementing seamless
on my github branch: ​https://github.com/eseidel/webkit/compare/master...seamless
All of these will pass once the implementation is landed, which I am uploading
as a series of patches as we speak. Because the each of pieces
affects variety of tests, it seems easiest to read the implmentation
diffs if I land all the tests up-front.

Because some layers lock/unlock resources, it needs to be guaranteed
that if willDraw is called on a layer then didDraw will also be called
on that layer before another willDraw or before layer destruction. Add
asserts to make sure that this is the case.

willDraw is called via CCLayerTreeHostImpl::prepareToDraw ->
calculateRenderPasses. didDraw was previously called in
CCLayerTreeHostImpl::drawLayers. Sometimes drawLayers was being
skipped by the caller of these functions based on what prepareToDraw
returned (causing didDraw to not be called). Fix this by having an
explicit step to call didDraw on all layers. This new didDrawAllLayers
function must be called if and only if prepareToDraw is called.

This is currently broken for values-animation. The accumulation should happen after a full cycle of the values animation ran (aka. at the end of the duration).
A values animation works like this: iterate over the list of values, and calculate a 'from' and 'to' value for a given time. Example for values="0; 30; 20" dur="2s":

0.0s .. 1.0s -> from=0, to=30

1.0s .. 2.0s -> from=30, to=20

Accumulation currently is taken into account at each interval for a values-animation instead of the end of the cycle. Fix that
by passing an additional 'toAtEndOfDuration' type to calculateAnimatedValue() which is used for accumulation instead of the
current 'to' value.

(WebCore::parseNumber): A helper for parseDate().
(WebCore::LocaleWin::parseNumberOrMonth): ditto.
(WebCore::LocaleWin::parseDate):
Parse a user-provided date string by matching with a DateFormatToken list.

(WebCore::appendNumber): A helper for formatDate().
(WebCore::appendTwoDigitsNumber): ditto. Write at least two digits.
(WebCore::appendFourDigitsNumber): ditto. Write at least four digits.
(WebCore::LocaleWin::formatDate):
Format a DateComponents by iterating a DateFormatToken list.

Prepare RenderBoxModelObject for FractionalLayoutUnits by adding rounding
logic to calculateBackgroundImageGeometry. Background images, as all
images, needs to be layed out on pixel boundaries thus we need to convert
it to a integer value.

(WebCore::RenderTableCell::styleDidChange):
Switched the rowWasSet check to an ASSERT. The new logic guarantees that
row index was set straight when we insert the row. The previous logic was
opened to some race conditions as we could wait for a recalcCells call before
setting the index on the rows which made this check necessary.

(WebCore::RenderTableRow::setRowIndex):
(WebCore::RenderTableRow::rowIndex):
Added those getter / setter. Also kept m_rowIndex's smaller size
for future optimization and for symmetry with the column index on
RenderTableCell.

rendering/RenderTableSection.cpp:

(WebCore::RenderTableSection::addChild):
(WebCore::RenderTableSection::recalcCells):
Made sure that whenever we insert or update our row index
we do call setRowIndex().

(WebCore::RenderTableSection::addCell):
This logic now doesn't need to query insertionRow as the cell's
should have the index of the row in which it is inserted.

Each platform will have a different set of input types that support the datalist UI.
This patch makes shouldRespectListAttribute ask the RenderTheme if it supports datalist UI for that input type.
Thus making it possible to do feature detection with JS.

Reviewed by Kent Tamura.

WebCore.gypi: Added RenderThemeChromiumCommon.{cpp,h}

html/ColorInputType.cpp:

(WebCore::ColorInputType::shouldRespectListAttribute):
(WebCore):

html/ColorInputType.h:

(ColorInputType):

html/InputType.cpp:

(WebCore::InputType::themeSupportsDataListUI): Static method used by TextFieldInputType, RangeInputType, and ColorInputType.
(WebCore):

html/InputType.h:

(InputType):

html/RangeInputType.cpp:

(WebCore::RangeInputType::shouldRespectListAttribute):

html/TextFieldInputType.cpp:

(WebCore::TextFieldInputType::shouldRespectListAttribute):

rendering/RenderTheme.h:

(RenderTheme):
(WebCore::RenderTheme::supportsDataListUI): Returns true if the platform can show the datalist suggestions for a given input type.

Reverting RenderObject::maximalOutlineSize to int. This is a slop value for repaint
rects that doesn't affect layout. It also derives its value from RenderView's function
of the same name, which is already an integer.

When zooming, we need to be careful about how to convert the visible rect from float to int.
Using toAlignedRect can produce inconsistent width and height when we are scrolling.
This patch carefully modifies each piece of the visible rect, to avoid such rounding errors.
In addition, the TransformationMatrix we use for painting, needs to be adjusted for the same rounding error.

We have a checked type that allows us to automate many of the
bounds checks we want here, so let's replace the floating point
math, and just use Checked<> throughout. We use a non-recording
Checked<> as no overflows should reach this point, so we'll take
a hard early failure, over the cost of many branches when
accessing the raw values in loops.

Adding an absoluteValue free inline function that operates on LayoutUnits, which
allows us to have one function signature for ints or FractionalLayoutUnits. We
can't simply add a FractionalLayoutUnit flavor of abs because it confuses
some compilers due to the implicit FractionalLayoutUnit constructors that take
ints and floats.

Updating LayoutUnit usage in a pair of remaining functions to minimize the remaining work to switching
to FractionalLayoutUnits for layout instead of integers.

No new tests. No change in behavior.

rendering/InlineFlowBox.cpp:

(WebCore::InlineFlowBox::placeBoxesInBlockDirection): Though stored as a float, the top is always
set to an integer value. When we move to sub-pixel, we need to preserve this. Not preserving this
behavior affects text decorations, most notably underlines.

rendering/RenderWidget.cpp:

(WebCore::RenderWidget::updateWidgetGeometry): Adding pixel snapping for the content box if it's
not transformed (absoluteContentBox includes pixel snapping), and properly treating the boundingBox
as an IntRect.

Bailing from the space distribution loop in layoutHorizontal/VerticalBox when
the remaining space falls below one pixel. This has no effect in whole-pixel
layout, but avoids unnecessary work/infinite loops in the sub-pixel case.

The crash was caused by a malformed range obtained within an event handler of mutation events
(DOMNodeRemovedFromDocument). Because this range wasn't updated per node removal, range functions
end up not behaving well.

Fixed the bug by changing the order of the notifications in ContainerNode::willRemoveChild.
We now fire mutation events first before updating ranges so that any range created inside those
event handlers can also be updated prior to the actual node removal.

Test: fast/dom/Range/range-created-in-mutation-event-crash.xhtml

dom/ContainerNode.cpp:

(WebCore::willRemoveChild):

LayoutTests:

Add a regression test. We use alert here instead of innerHTML, textContent, etc...
because document element is no longer well-formed at the end of the test.

The call to updateMainFrameScrollPosition was added to make the WebKit2 find overlay work, since it relies
on scroll position updates being synchronous. Change the find code in WebKit2 to handle asynchronous scroll
position updates and remove the call to updateMainFrameScrollPosition.

page/scrolling/ScrollingCoordinator.cpp:

(WebCore::ScrollingCoordinator::requestScrollPositionUpdate):

Source/WebKit2:

The find machinery should cope with asynchronous scroll position updates.

WebProcess/WebPage/FindController.cpp:

(WebKit::FindController::updateFindUIAfterPageScroll):
Split the code that handles updating the find indicator and find overlay out into a separate function.

(WebKit::FindController::findString):
Call updateFindUIAfterPageScroll once we know that the scroll position has been updated.

Add DrawingArea::dispatchAfterEnsuringUpdatedScrollPosition, which will call the given function object after
making sure that the scroll position has been updated correctly. This is important for TiledCoreAnimationDrawingArea,
which updates the scrolling position asynchronously.

WebProcess/WebPage/DrawingArea.cpp:

(WebKit::DrawingArea::dispatchAfterEnsuringUpdatedScrollPosition):
Since scroll position updates are synchronous by default, just call function directly.

WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::dispatchAfterEnsuringUpdatedScrollPosition):
Commit the layer tree state and then use ScrollingThread::dispatchBarrier to make sure that the function is called when any
scroll position changes have been made. If possible, freeze the layer tree to make sure that the update is atomic.

Update platform code to use the pixel snapped values for painting rects
to line up with device pixels and change platform specific hit testing
code to use roundedPoint as hit testing is still mostly done on integer
bounds.

When invoking StringImpl::startsWidth() or StringImpl::endsWith() with
a string literal, a new String was constructed implicitly, allocating
a new StringImpl and copying the characters for the operation.

This patch adds a version of those methods for single characters and
string literals.
This allows us to avoid allocating memory and use the characters in place,
and it permits some extra shortcuts in the implementation.

(WebCore::AutoTableLayout::calcEffectiveLogicalWidth):
As we are spreading the cell's min / max logical width, we should be updating them.
This prevents the following logic getting confused and allocating more than needed.

Add a ScrollingThread::dispatchBarrier function which takes a WTF::Function and dispatches it to the main thread
once all the currently scheduled scrolling thread functions have run. This is to be used for synchronization between the
scrolling thread and the main thread.

On android, the fullscreen video was implemented by passing a java
surfaceView to an android mediaplayer class.
The implementation of that logic should happen in WebKit::WebMediaPlayer.
This change makes it possble for WebViewImpl::enterFullScreenForElement()
to call WebMediaPlayer->enterFullscreen(), thus solving the issue.

Sorry, there is a merge error during the previous commit, resolved now

No new tests. This just exposes the flag so later it can be used by android.

When radix, we use to turn the doubleValue into a JSValue just to convert
it to a String. The problem is that was using the slow path for conversion and
for the toString() operation.

This patch shortcuts the creation of a JSValue and uses NumericStrings directly.
The conversion is split between Integer and Double to ensure the fastest conversion
for the common case of integer arguments.

Converting number with radix 10 becomes 5% faster.

Due to the simpler conversion of number to string for integer, converting
integers that do not fall in the two previous optimizations get 32% faster.

Add a new flag for controlling the fixed point denominator in
FractionalLayoutUnit. Controls whether the denominator is set to 60 or 1.
Until we change the LayoutUnit typedef this change will have no effect.

No new tests, no change in functionality.

platform/FractionalLayoutUnit.h:

(WebCore):
(WebCore::FractionalLayoutUnit::operator++):
(WebCore::operator/):
(WebCore::operator+):
Add ++, / double and and + double operators. These are needed when
ENABLE_SUBPIXEL_LAYOUT is not enabled.

platform/graphics/FractionalLayoutRect.cpp:

(WebCore::enclosingFractionalLayoutRect):

Source/WTF:

Reviewed by Eric Seidel.

Add a new flag for controlling the fixed point denominator in
FractionalLayoutUnit. Controls whether the denominator is set to 60 or 1.
Until we change the LayoutUnit typedef this change will have no effect.

As commented in ​https://bugs.webkit.org/show_bug.cgi?id=79963#c16 we do not
usually subclass basic types like Vector. This patch changes code to use
Vector<Attribute> directly and move around the functionality of the former
methods to more specific helper functions or inline code at the callers.

(WebCore::HTMLTreeBuilder::processFakeStartTag):
(WebCore::HTMLTreeBuilder::attributesForIsindexInput): Loop through the attributes
backwards so we can remove items without affecting the rest of the loop run.

StyleImage::computeIntrinsicDimensions() is only called from one
place: RenderBoxModelObject::calculateIntrinsicDimensions(), and that
is only used for background images and border images. In my original
image-set work, I decided that
StyleCachedImageSet::computeIntrinsicDimensions() would compute
"intrinsic" dimensions, meaning that they would compute the dimensions
that the image resource was pretending to be rather than the actual
dimensions of the resource. I chose to do this because it made
background images work great without changing the call-site. But border
images need to know the actual intrinsic dimensions, so this design
decision (which was admittedly questionable from the start) won't
stick.

This patch makes StyleImage::computeIntrinsicDimensions() return
actual intrinsic dimensions. Then the border-image and background-
image code is very lightly patched to account for the image's scale
factor.

These functions no longer need the scale factor parameter.

loader/cache/CachedImage.cpp:

(WebCore::CachedImage::computeIntrinsicDimensions):

loader/cache/CachedImage.h:

(CachedImage):

platform/graphics/GeneratedImage.h:

(GeneratedImage):

platform/graphics/GeneratorGeneratedImage.cpp:

(WebCore::GeneratedImage::computeIntrinsicDimensions):

platform/graphics/Image.cpp:

(WebCore::Image::computeIntrinsicDimensions):

platform/graphics/Image.h:

(Image):

platform/graphics/cg/PDFDocumentImage.cpp:

(WebCore::PDFDocumentImage::computeIntrinsicDimensions):

platform/graphics/cg/PDFDocumentImage.h:

(PDFDocumentImage):

svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::computeIntrinsicDimensions):

svg/graphics/SVGImage.h:

(SVGImage):

rendering/style/StyleCachedImageSet.cpp:

(WebCore::StyleCachedImageSet::computeIntrinsicDimensions):

New function on StyleImage returns the image's scale factor.

rendering/style/StyleCachedImageSet.h:

(WebCore::StyleCachedImageSet::imageScaleFactor):

rendering/style/StyleImage.h:

(WebCore::StyleImage::imageScaleFactor):

Scale the intrinsic size of the background image down by the scale
factor.

rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::calculateFillTileSize):

Slices should be multiplied by the image's scale factor since they are
always expected to the specified in the 1x image's coordinate space.
(WebCore::RenderBoxModelObject::paintNinePieceImage):

There was a reference cycle between CSSImageSetValue and StyleCachedImageSet via
CSSImageSetValue::m_imageSet / StyleCachedImageSet::m_imageSetValue. Break the cycle
by having StyleCachedImageSet hold a weak reference to the CSSImageSetValue rather
than a strong reference.

Instead of automatically using an intermediate surface for layers with opacity and
children, we limit surface usage for layers with more than one child and for layers with
one child and contents of its own.

This prevents us from using intermediate surfaces in cases where a single layer with
opacity has a single descendant with content, in which case normal blending can be used.

When pasting a copied portion of a blockquote with a newline at the end into an unquoted area,
the newline is inserted after the blockquote since we don't want it also to be quoted. However,
this behavior has also applied when we insert a paragraph between quoted lines, which is incorrect.
To figure out the right place to insert a paragraph, we need providing more information to the
InsertParagraphSeparatorCommand by introducing a boolean parameter "pasteBlockqutoeIntoUnquotedArea".

Add a new public class to the API, WebKitFileChooserRequest, to be
emitted along with a new WebKitWebView::run-file-chooser signal to
let client applications to provide their own file chooser dialog
when the use interacts with HTML Input elements of type 'file'.

Provide private API to make a file chooser request from the
WebView, and provide a default handler for it.

UIProcess/API/gtk/WebKitWebView.cpp:

(fileChooserDialogResponseCallback): Handler for the 'response'
signal for the GtkFileChooserDialog used in the default
handler. It will call to webkit_file_chooser_request_select_files
or webkit_file_chooser_request_cancel as needed.
(webkitWebViewRunFileChooser): Default handler for the new
'run-file-chooser' signal. It will create a GtkFileChooserDialog,
connect to the 'response' signal and show it.
(webkit_web_view_class_init): Connect the 'run-file-chooser'
signal to the default handler, webkitWebViewRunFileChooser.
(webkitWebViewRunFileChooserRequest):

UIProcess/API/gtk/WebKitWebView.h:

(_WebKitWebViewClass): Added prototype for the handler of the new
'run-file-chooser' signal.

UIProcess/API/gtk/WebKitWebViewPrivate.h: Added prototype for

private new function webkitWebViewRunFileChooserRequest.

Provide an implementation for runOpenPanel in WebKitUIClient.

UIProcess/API/gtk/WebKitUIClient.cpp:

(runOpenPanel): New, implements runOpenPanel by creating an
instance of WebKitFileChooserRequest and asking the WebView to
emit the 'run-file-chooser' signal with it.
(attachUIClientToView): Reference the new runOpenPanel function.

Added the new publich header to the main header.

UIProcess/API/gtk/webkit2.h: Added WebKitFileChooserRequest.h.

New unit tests for the new WebKitFileChooserRequest API. Also,
extended the WebViewTest class to allow simulating mouse clicks.

UIProcess/API/gtk/tests/TestWebKitWebView.cpp:

(checkMimeTypeForFilter): New, checks whether a GtkFileFilter
filters a given MIME type, as specified by RFC 2046.
(testWebViewFileChooserRequest): New unit test.
(beforeAll): Add the new unit test as an UIClientTest.

UIProcess/API/gtk/tests/WebViewTest.cpp:

(WebViewTest::clickMouseButton): New public function to simulate a
mouse click through GdkEvents, as the combination of a 'press' and
a 'release' event. Used from the new unit test to simulate the
user pressing in the button rendered for a HTML Input element.
(WebViewTest::executeMouseButtonEvent): New private function to
simulate a mouse event through GdkEvents.

It is good practice not to leave member variables uninitialized. They make debugging more difficult by reducing
repeatability, and in some cases lead to the possibility of information leakage occuring. This patch simply adds
initialization of m_numParsedPropertiesBeforeMarginBox to CSSParser's constructor to INVALID_NUM_PARSED_PROPERTIES
so that the initial state is the same as the state after the properties are cleared.

No tests added because this is a code style fix, not an actual bug so long as the bison generated code calls
startDeclarationsForMarginBox() and endDeclarationsForMarginBox() symmetrically. The lack of initialization was
originally detected by coverity.

We should use combined() instead of combinedForChildren() since we don't allow
intermediate surfaces for preserves-3d. Also, we should apply the offset before
multiplying the transforms, otherwise the transform-origin is incorrect.

This is not correct. The parsing can be done more than once,
and thus we cannot clear data. This patch removes the above code.

Consider the following situation:

(1) Assume '<body onresize="f()"></body>'.
(2) prepareListenerObject() runs.
(3) Since this is the first parsing, hasExistingListenerObject()
returns false. After the parsing, the listener object is set
by setListenerObject().
(4) GC runs. Since there is no strong reference to the listener
object, weakEventListenerCallback() is called back, and the listener
object is disposed.
(5) A resize event is triggered.
(6) prepareListenerObject() is called again. Since the listener object
is already disposed, hasExistingListenerObject() returns false,
and the second parsing starts.

In my investigation, the above situation is happening in the reported
Chromium bug. Anyway, I am sure that potentially the parsing can be
done more than once, and thus we must keep m_xxxx data.

No tests: I tried hard to create a DRT test, but could not.
The bug depends on the behavior of GC, and thus the reported bug is
non-deterministic. For example, (as explained in the Chromium issue,)
the bug does not happen if we load an HTML from network because
the network latency hides the bug. Also the bug happens in the
popup window only. If we open the reported HTML in the main window,
we cannot reproduce the bug.

(JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do
the right thing", this code is much simpler. We still have one special
case to notify the garbage collector if we're removing the last
reference to the global object, since this can improve memory behavior.

I removed the feature of ensuring orderly tear-down when calling quit()
or running in --help mode because it didn't seem very useful and
making it work with Windows structured exception handling and
NO_RETURN didn't seem like a fun way to spend a Saturday.

runtime/JSGlobalData.h:

runtime/JSGlobalData.cpp:

(JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data
member in JSGlobalData to ensure that it's destructed last, so other
objects that reference it destruct without crashing. This allowed me
to remove clearBuiltinStructures() altogether, and helped guarantee
rule (3).

(JSC::JSGlobalData::~JSGlobalData): Explicitly call
lastChanceToFinalize() at the head of our destructor to ensure that
all pending finalizers run while the virtual machine is still in a
valid state. Trying to resurrect (re-ref) the virtual machine at this
point is not valid, but all other operations are.

Changed a null to a 0xbbadbeef to clarify just how bad this beef is.

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

runtime/JSGlobalObject.h:

(JSGlobalObject):
(JSC::JSGlobalObject::globalData): See rule (3).

Source/WebCore:

bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::~WorkerScriptController): Slightly
simpler than before. We can't just rely on our default destructor
because we need to hold the JSLock when we tear down the VM.

bridge/NP_jsobject.cpp:

(_NPN_InvokeDefault):
(_NPN_Invoke):
(_NPN_Evaluate):
(_NPN_Construct): Don't RefPtr<> the JSGlobalData because it makes it
seem like you know something the rest of our code doesn't know. The
plugin JSGlobalData is immortal, anyway.

I also removed some timeout checker related code because that feature
doesn't work anymore, so it was effectively dead code.

We can save a file with help of InspectorFrontendHost.save method,
but it is suitable only for relatively small portions of data and
can't process the 6Gb heap snapshot.
These methods just pass the url and content into embedder.

The bug originated from clearing an intermediate surface with glClear while the scissor
state was wrong.
When using intermediate surfaces, maintain a clip-stack for each surface, rather than
a single clip-stack for the whole scene. When a surface is bound, its clip stack should
be applied.

Change Length and CSS length computation to floating point. This gets us
closer to the goal of supporting subpixel layout and improves precision
for SVG which already uses floating point for its layout.

This change makes computedStyle return fractional values for pixel values
if a fraction is specified. It also changes the result of computations
where two or more values with fractional precision. Prior to this change
the result of Length(2.9) + Length(2.9) would be 4 as each value would be
floored. With this change the result is 5 as the addition is done with
floating point precision and then the result will be floored. Once we
enable subpixel layout the resulting value in this example would be 5.8.

If a value is sufficiently close to the next integer round it up to
ensure that a style rule such as "width: 4.999px" evaluates to 5px
instead of 4px. This is needed as, although Lengths are using floating
point, the layout system still uses integer precision and floors the
Length values.
This will change once we move to FractionalLayoutUnits but for now this
is needed to ensure compatibility with the existing system and tests.

Without this specialized rounding logic we fail a handful of tests
including acid3.

platform/Length.h:

(WebCore::Length::value):
(Length):
(WebCore::Length::intValue):

rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::styleOrColLogicalWidth):

LayoutTests:

Reviewed by Eric Seidel.

Change Length and CSS length computation to floating point. This gets us
closer to the goal of supporting subpixel layout and improves precision
for SVG which already uses floating point for its layout.

This change makes computedStyle return fractional values for pixel values
if a fraction is specified. It also changes the result of computations
where two or more values with fractional precision. Prior to this change
the result of Length(2.9) + Length(2.9) would be 4 as each value would be
floored. with this change the result is 5 as the addition is done with
floating point precision and then the result will be floored. Once we
enable subpixel layout the resulting value in this example would be 5.8.

Only dump as text if currently dumping render tree. This ensures that
calling dumpAsText in a test with dumpChildFramesAsText already being
called doesn't override the first decision, possibly making tests fail.

Switch AnimatedColorAnimator to use the standard animateAdditiveNumber() method, taking progress & repeatCount into account.
This gives us accumulation/repeatCount support for free.

We just animate the four color components on their own now and clamp once at the end after addition/accumulation finished.
Import <animateColor> tests from Dr. Olaf Hoffmanns SVG Animation test suite, which all pass now.

While I was at it, remove the includeSMILProperties boolean from computeCSSPropertyValue - we always use the computed style
without SMIL effects included, whenever we want to retrieve the "base value", or handle "inherit/currentColor".

(SVGPathByteStream): Make SVGPathByteStreams copyable, needed for SVGAnimatedPathAnimator.
(WebCore::SVGPathByteStream::size): Returns size of the SVGPathByteStream.

svg/SVGPathParserFactory.cpp:

(WebCore::SVGPathParserFactory::buildAnimatedSVGPathByteStream): Allow empty from streams, needed for by animations.
(WebCore::SVGPathParserFactory::addToSVGPathByteStream): Add 'byStream' 'repeatCount' times to 'toStream'. Both streams must match in size.

svg/SVGPathParserFactory.h: Add new addToSVGPathByteStream function.

svg/SVGPointList.cpp: Remove dead code.

svg/SVGPointList.h: Ditto.

(SVGPointList):

LayoutTests:

svg/animations/path-animation.svg: Added.

svg/animations/path-animation-expected.svg: Added.

svg/animations/repeating-path-animation-expected.svg: Added.

svg/animations/repeating-path-animation.svg: Added.

svg/animations/script-tests/svgpath-animation-1.js: Correct testcase, now that by animations are supported.

We're still seeing crashes in the FrameLoader where the FrameLoader's
state is "provisional" but there is no provisional document loader. I
added code to update the FrameLoader's state everytime the provisional
document loader is cleared, and added checks that the FrameLoader's
state can't be set to provisional without a provisional loader.

If the crashes go away, or the newly added checks reveal the culprit,
we should relex the checks to use ASSERT() instead of CRASH().

Remove a dashboard backwards compatibility quirk that was in place to support an old version
of the Stocks widget. It prevented the pointer-events property from being applied in Dashboard
widgets, which caused -webkit-input-placeholder elements to eat mouse clicks rather than giving
focus to the containing input elements. The offending widget has long since been fixed.

CoreAnimation does not natively support reverse and alternate-reverse
animation directions so we need to flip the animation values (keyframe
keys and timing functions) that we send to GraphicsLayerCA. Unfortunately
this code adds a lot of conditionals because it isn't as simple as
reversing the order of keys. You also now have a different alignment of
timing functions to the reversed list.

New tests to cover the two new directions, making sure the timing
functions are correctly inverted, and exercising fill modes.

(PlatformCAAnimation): Pass through a flag that tells the CA Animation
that it should invert the timing functions.

platform/graphics/ca/mac/PlatformCAAnimationMac.mm:

(toCAMediaTimingFunction): Add a parameter that will invert the timing
function coefficients if necessary.
(PlatformCAAnimation::setTimingFunction):
(PlatformCAAnimation::setTimingFunctions):

platform/graphics/ca/win/PlatformCAAnimationWin.cpp:

(toCACFTimingFunction):

New unused parameter.

LayoutTests:

Tests support for reverse and alternate-reverse animations on
CoreAnimation objects, as well as filling out some of the software
animator tests. There are three variables to exercise: reverse vs
forward direction animations, whether reversed timing functions are
inverted correctly, and that fill mode respects the direction of
animation.

Refactored the animation test helper class so we could reuse
property parsing and evaluation.

Some clients put null pointers into Weak<T> and PassWeak<T>, but this is
more efficient and straight-forward to model with a null in the Weak<T>
or PassWeak<T> instead of allocating a WeakImpl just to hold null.

(JSC::PassWeak::PassWeak): Handle null as a null WeakImpl instead of
allocating a WeakImpl and storing null into it.

heap/Weak.h:

(Weak):
(JSC::::Weak): Same changes as in PassWeak<T>.

heap/WeakBlock.cpp:

(JSC::WeakBlock::visitLiveWeakImpls):
(JSC::WeakBlock::visitDeadWeakImpls): Only non-null cells are valid in
the WeakSet now, so no need to check for non-cells and null cell pointers.

heap/WeakImpl.h:

(JSC::WeakImpl::WeakImpl): Only non-null cells are valid in the WeakSet
now, so ASSERT that.

../WebCore:

bridge/jsc/BridgeJSC.cpp:

(JSC::Bindings::Instance::Instance): Don't allocate a WeakImpl just to
store null. This was needless, and is now a compile error. Instead,
rely on the default constructor, which will produce a cheap null.

WebVideoFrameProviderClient has a 1:1 relationship with a
WebVideoFrameProvider. The client here is CCVideoLayerImpl and the
provider is WebMediaPlayerClientImpl. If the provider gets a new
client, then the old client needs to be informed to stop using the
provider.

If this doesn't happen, then the old client will have an unsafe
pointer to the provider, will not get informed if the provider gets
deleted, and the client will crash when it dereferences the provider
pointer trying to tell the provider that its client is going away.

PR: 147006
This was caused by the incorrect fix master_33/SHA:612caec4.
Calculations like this "originalArea / pageArea" would always return 0
so that the incorrect node and blockRect were used by block zoom. This
patch takes care of it.

The bug was caused by CompositeEditCommand::breakOutOfEmptyListItem, which calls isListItem
on the empty list's siblings to decide which part of the list should get removed. However,
the check fails when the empty list's sibling is a text node, or a list element (e.g. ul, ol).
Fixed it by skipping empty list's non-element sibling and calling isListElement to do further
check.

Source/WebCore:

Test: added new test cases in the existing test (break-out-of-empty-list-item.html)

The SVGAnimatedProperty cache was previously holding a reference to the properties it contained;
said references were cleared in the SVGAnimatedProperty destructor (which was never called because
there was always one remaining reference from the cache).

The SVGAnimatedProperty cache now holds raw pointers instead of RefPtrs; the SVGAnimateElement now
owns its own SVGAnimatedProperties, both for itself and for any <use/> instances of itself. They're
cleared and destroyed within SVGAnimateElement::targetElementWillChange, at which time they're removed
from the cache.

SVGPropertyTearOffs now keep a reference to their SVGElement (m_contextElement) instead of their SVGAnimatedProperty;
this way, there is no reference cycle, but the animated property (owned by the element) and the element itself are
kept alive until the TearOff is garbage collected.

Add a few tests for different parts of this patch: smil-leak-elements tests that animated
elements are garbage collected properly after being removed from the page;

smil-leak-element-instances and its related smil-leak-element-instances-noBaseValRef test
that we don't leak instances after they're removed from the document while the original element is still alive;

smil-leak-dynamically-added-element-instances tests the same thing, but adds half of the instances
while the animation is in the middle of running;

svglength-element-removed-crash ensures that an animated element is not freed
if JavaScript code is holding a reference to an animated property wrapper.

Split JSString into two classes, JSString as a base class that does not
include the fibers of a Rope, and a subclass JSRopeString that has the
rope functionality. Both classes "share" the same ClassInfo. Added
a bool to JSString to indicate that the string was allocated as a JSRopeString
to properly handle visiting the fiber children when the rope is resolved and
the JSRopeString appears as a JSString. Didn't change the interface of JSString
to require any JIT changes.

As part of this change, removed "cellSize" from ClassInfo since both classes
share the same ClassInfo, but have different sizes. The only use I could find
for cellSize was an ASSERT in allocateCell().

Remove the call to syncRemoteContents from WebLayerTreeRenderer::paintToCurrentGLContext,
since it was moved to QQuickWebPage::updatePaintNode.
To make sure that we always sync before painting, this patch also calls page->update()
when the viewport changes.

This change gives the DFG the ability to simplify the control flow graph
as part of an optimization fixpoint that includes CSE, CFA, and constant
folding. This required a number of interesting changes including:

Solidifying the set of invariants that the DFG obeys. For example, the
head and tail of each basic block must advertise the set of live locals
and the set of available locals, respectively. It must do so by
referring to the first access to the local in the block (for head) and
the last one (for tail). This patch introduces the start of a
validation step that may be turned on even with asserts disabled. To
ensure that these invariants are preserved, I had to remove the
redundant phi elimination phase. For now I just remove the call, but in
the future we will probably remove it entirely unless we find a use for
it.

Making it easier to get the boolean version of a JSValue. This is a
pure operation, but we previously did not treat it as such.

Fixing the merging and filtering of AbstractValues that correspond to
concrete JSValues. This was previously broken and was limiting the
effect of running constant folding. Fixing this meant that I had to
change how constant folding eliminates GetLocal nodes, so as to ensure
that the resulting graph still obeys DFG rules.

Introducing simplified getters for some of the things that DFG phases
want to know about, like the Nth child of a node (now just
graph.child(...) if you don't care about performance too much) or
getting successors of a basic block.

The current CFG simplifier can handle almost all of the cases that it
ought to handle; the noteworthy one that is not yet handled is removing
basic blocks that just have jumps. To do this right we need to be able
to remove jump-only blocks that also perform keep-alive on some values.
To make this work, we need to be able to hoist the keep-alive into (or
just above) a Branch. This is not fundamentally difficult but I opted to
let this patch omit this optimization. We can handle this later.

This is a big win on programs that include inline functions that are
often called with constant arguments. Of course, SunSpider, V8, and
Kraken don't count. Those benchmarks are completely neutral with this
change.

Adds a new layer type for IOSurface backed layers, instead of sharing that functionality in
WebExternalTextureLayer. IOSurface backed layers do not share any other properties with external texture layers.

Adds a new layer type for IOSurface layers and pipes through a separate path through to rendering. IOSurface
layers are very simple - they have an IOSurface id and size, nothing else. All IOSurface layers are "flipped" in
our terminology.

This implements the high resolution time spec from​http://www.w3.org/TR/hr-time/, giving javascript access to
sub-millisecond timestamps that increase over time instead of being
subject to skewing, for example when the host machine's clock changes.

This implements the high resolution time spec from​http://www.w3.org/TR/hr-time/, giving javascript access to
sub-millisecond timestamps that increase over time instead of being
subject to skewing, for example when the host machine's clock changes.

Make output product_name for npTestNetscapePlugIn.dll match the case
of the copy_TestNetscapePlugIn rule. This is required for ninja, which
is more particular about case matching in rules than the VS build.

The semantics and implementation of Weak<Unknown> are unclear because:

Should you call a finalizer for a non-GC thingy? If so, when?

Possible answer: No.

If WeakImpls for GC thingies live with the GC thingies in the
heap, where do WeakImpls for non-GC thingies live?

Possible answer: Directly in the Weak<T>.

Since no clients actually want these behaviors, it's hard to tell if
they're the right behaviors, and it's not worth the implementation
complexity. If we come up with a client that wants these behaviors, we
can always revisit this.

bindings/js/JSNodeFilterCondition.cpp:

(WebCore::JSNodeFilterCondition::JSNodeFilterCondition): Just leave our
filter NULL if it's not an object -- that's a better way to indicate
"not a valid filter object".

(WebCore::JSNodeFilterCondition::acceptNode): Fixed up some naming to
clarify that the object we're working with is not necessarily a function.

bindings/js/JSNodeFilterCondition.h:

(JSNodeFilterCondition): Use Weak<JSObject>, since that more closely
matches what we're trying to do.

TransparencyWin will create a Skia canvas of whatever size is passed
in, even if the result will ultimately be clipped. Handle the clip
implicitly and try (in some cases) to create a smaller canvas. This
can happen due to RenderBox::paintBoxDecorations passing a paint rect
down of the entire element's size.

Modes with more complicated transforms (ScaleTransform, UnTransform)
are not handled yet.

I've implemented the blend function for the CustomFilterOperation. This should enable animations for CSS Shaders.
Currently, just floats are implemented. If any of the filter attributes like shader, mesh size or box mode are different,
the fallback is to use the "to" part of the animation instead. If other shader parameters do not match, it will merge the parameter values
between the "from" and "to" states.

Playback logic involving noteOn(), noteOff(), and playbackState were intertwined with
the AudioBufferSourceNode's buffer playback code. These are more general concepts and
may be implemented separately in another class called AudioScheduledSourceNode.

No new tests. Covered by existing layout tests.

GNUmakefile.list.am:

Add AudioScheduledSourceNode files to makefile.

Modules/webaudio/AudioBufferSourceNode.cpp:

(WebCore):
(WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
Re-factor some member variables into new base class AudioScheduledSourceNode.

Very simple patch, when linking produces an error we need to actually store
the exception prior to throwing it. I can't find any other examples of this,
but as we're already in the slow path when throwing an exception I've hardened
exception throwing against null exceptions.

By accidentally scrolling clipRects that should be considered
"infinite", they were no longer being considered infinite. This
caused a chain of un-intended code paths that caused fixed
position elements to stutter when scrolling in Chromium.

Dirk and I investigated the issue on the bot but we couldn't figure out what is going wrong.
Since we run-perf-tests don't need any of fancy feature printer provides, just use python's
built-in logging module instead. Printing out to stdout and stderr seem to work so hopefully
this will fix the issue on the bot.

The crash was because because DOM had been modified since the last time selection had been "validated",
and therefore frame selection's endpoints are no longer visible when we instantiated visibleStart
and visibleEnd from m_endingSelection of the edit command.

Fixed the bug by checking the nullity and orphanedness of visible start and visible end directly.
I suspect we have similar bugs in other commands. The fundamental problem is that the copy constructor
of VisibleSelection never validates so when a VisibleSelection is passed from one class to another
(e.g. FrameSelection to EditCommand), we may not adjust end points as needed.

Test: editing/execCommand/format-block-without-body-crash.html

editing/ApplyBlockElementCommand.cpp:

(WebCore::ApplyBlockElementCommand::doApply):

LayoutTests:

Add a regression test for executing FormatCommand immediately after removing
the body element thereby turning the selection end points to non-candidates.

The change in r96257 did not cause the performance regression per se,
but exposed a problem in the way we calculate the offset in container
node when the anchorType is PositionIsOffsetInAnchor.
The offset was computed as the minimum between the given offset and
lastOffsetInNode. If the container has a very large number of children,
we walk the entire list of child nodes in the container simply to find
out how many they are.
Looking through the entire editing code, I found other 2 cases (one
is only an ASSERT) where we could do a similar optimization.

The bug comes from trying to repaint the :after content as part of updateBeforeAfterContent.
The repainting logic would query the yet-to-be-inserted continuation(). Then we would crash in
RenderBox::clippedOverflowRectForRepaint as we didn't have an enclosingLayer() (which any
RenderObject in the tree will have).

The fix is to check in RenderInline::clippedOverflowRectForRepaint that our continuation()
is properly inserted in the tree. We could check that it isRooted() but it's an overkill here.

This change changes the chromium new-run-webkit-tests
implementation to use the code in WebKitDriver and ServerProcess
by default on Mac and Linux, instead of using the old-style
Chromium/test_shell style of output.

We will still use the test_shell style on Windows for now
and you can still get the old style of behavior with
new-run-webkit-tests --additional-drt-flag --test-shell

I have been intermittently seeing hangs when running
test-webkitpy on Mac SL; it appears that there's a bug (?) in
the multiprocessing module where queue references are getting
leaked or not cleaned up somehow. By explicitly closing the
queues, things seem to be happy, so this patch adds a cleanup()
method to the message broker and modifies the manager (and the
unit tests) to call it. This may get rid of the intermittent
error on shutdown on Linux I've seen as well.

Properly set ResourceError objects' domain instead of using a generic
one. This allows WebKit and NSURL errors to be distinguished, which is
required to properly print out information in EFL's DumpRenderTree
when dumpResourceLoadCallbacks() returns true.

Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
API separates it from prefetching. Having separate include guards lets ports enable prefetching,
a relatively easy change, without needing to build the infrastructure for prerendering, which
is considerably more complicated.

Configurations/FeatureDefines.xcconfig:

Source/WebCore:

Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
API separates it from prefetching. Having separate include guards lets ports enable prefetching,
a relatively easy change, without needing to build the infrastructure for prerendering, which
is considerably more complicated.

Configurations/FeatureDefines.xcconfig:

Source/WebKit/chromium:

Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
API separates it from prefetching. Having separate include guards lets ports enable prefetching,
a relatively easy change, without needing to build the infrastructure for prerendering, which
is considerably more complicated.

Source/WebKit/mac:

Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
API separates it from prefetching. Having separate include guards lets ports enable prefetching,
a relatively easy change, without needing to build the infrastructure for prerendering, which
is considerably more complicated.

Source/WebKit2:

Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
API separates it from prefetching. Having separate include guards lets ports enable prefetching,
a relatively easy change, without needing to build the infrastructure for prerendering, which
is considerably more complicated.

Tools:

Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
API separates it from prefetching. Having separate include guards lets ports enable prefetching,
a relatively easy change, without needing to build the infrastructure for prerendering, which
is considerably more complicated.

WebKitLibraries:

Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
API separates it from prefetching. Having separate include guards lets ports enable prefetching,
a relatively easy change, without needing to build the infrastructure for prerendering, which
is considerably more complicated.

Generated feature-dependent properties are now present regardless of that
feature being enabled. On getting or setting that property's value a warning
is thrown if the feature is not enabled. Additionally, if the generated
interface is feature-dependant, when getting or setting any property's value
a warning is thrown if the feature is not enabled.

Put the condition string in implementation file after the header inclusions. This ensures
that build errors do not occur when disabling the future that applies to the condition string
because of WebCore objects and methods that are still in use despite the feature being disabled.

Properly handle CSSValueNone for clip-path, filter, mask and marker-* properties. Instead
of bailing out, set the none value explicitly, since an earlier match may have set it to
something other than none.

values="a" is equal to <set to="a"> per SMIL specification.
We currently only support values animation if at least two values are given, fix that.

The reference animations in Dr. Olaf Hoffmanns SVG Animation test suite are mostly using
values animations, sometimes with only a single value given. Lots of the reference animations
are broken in trunk w/o this patch and now work as expected.

Repetitions are currently handled by adjusting percentage (percentage += repeatCount).
This doesn't work for <animateTransform> as each repetition has to be post-multiplied to the animated transform list. Fix that.

By-animations are equal to values="0;by" animations in SMIL. '0' is the neutral element of addition, which is the _zero_ matrix,
not the identity matrix for SVGTransform. Add a new construction mode to SVGTransform to be able to construct zero transforms.

Enable <animateTransform> test in additive-type-by-animation, which was disabled as it triggered assertions before this patch.
Add lots of new <animateTransform> covering additive/accumulative animations using reftests, for all animateTransform types (translate/rotate/skewX/skewY/scale).

Find in page fails to deactivate the old active match when moving backwards
because searchStartingPoint was incorrectly initialized.
Create a real range object instead of referencing other range object.
PR 152009

Stop caching base values per string in SMILTimeContainer, as it breaks additive="sum" for CSS
properties if the underlying base value is changed from the outside (eg. when calling
style.fontSize="20px", if font-size was 10px, and we're running an additive by-animation with 50px).

This requires us to cache the computed style of a SVGElement, without SMIL style property changes,
in SVGElementRareData, similar to how the computed style itself is cached in ElementRareData.
To be able to compute the base value for a CSS property at any time, we have to exclude any
previous animation effects residing in the SMIL animated style properties, per SMIL2/3 specs.

NOTE: This doesn't change or affect the way CSS Animations/Transitions are applied, we still

have some bugs in that area, but this patch doesn't address them. The idea is to only
remove the cache, to pave the way for future additive="sum" patches.

New "load,resource,finished", "load,resource,failed", and
"resource,response,received" signals were added to notify about different
resource load events. These additional signals are needed for proper
support of LayoutTestController's dumpResourceLoadCallbacks() in EFL's
DumpRenderTree.

Implement support for LayoutTestController's
dumpResourceLoadCallbacks() in EFL's DumpRenderTree by catching new
ewk_view signals about resource loading and print out the expected
information. This allows for several test cases to be removed from the
skip list.

(WebKit::WebContext::WebContext): Initialize
m_soupRequestManagerProxy when using soup.
(WebKit::WebContext::~WebContext): Invalidate and clear the
m_soupRequestManagerProxy when using soup.
(WebKit::WebContext::disconnectProcess): Invalidate the
m_soupRequestManagerProxy when using soup.
(WebKit::WebContext::didReceiveMessage): Forward the message to
m_soupRequestManagerProxy if it's a
MessageClassWebSoupRequestManagerProxy message.

(WebKit::WebProcessProxy::didReceiveMessage): Forward message to
the web context if it's a MessageClassWebSoupRequestManagerProxy
message.

UIProcess/soup/WebSoupRequestManagerClient.cpp: Added.

(WebKit::WebSoupRequestManagerClient::didReceiveURIRequest): Call
didReceiveURIRequest callback if it has an implementation.

UIProcess/soup/WebSoupRequestManagerClient.h: Added.

UIProcess/soup/WebSoupRequestManagerProxy.cpp: Added.

(WebKit::WebSoupRequestManagerProxy::create): Create a new
WebSoupRequestManagerProxy.
(WebKit::WebSoupRequestManagerProxy::WebSoupRequestManagerProxy):
(WebKit::WebSoupRequestManagerProxy::~WebSoupRequestManagerProxy):
(WebKit::WebSoupRequestManagerProxy::invalidate):
(WebKit::WebSoupRequestManagerProxy::initializeClient):
(WebKit::WebSoupRequestManagerProxy::didReceiveMessage):
(WebKit::WebSoupRequestManagerProxy::registerURIScheme): Send
RegisterURIScheme message to the WebProcess to register the given
URI scheme.
(WebKit::WebSoupRequestManagerProxy::handleURIRequest): Send
HandleURIRequest message to the WebProcess with the given data and
data type.
(WebKit::WebSoupRequestManagerProxy::didReceiveURIRequest): Call
didReceiveURIRequest callback to allow the user to handle the
request.

UIProcess/soup/WebSoupRequestManagerProxy.h: Added.

UIProcess/soup/WebSoupRequestManagerProxy.messages.in: Added.

WebProcess/WebProcess.cpp:

(WebKit::WebProcess::WebProcess): Initialize m_soupRequestManager
when using soup.
(WebKit::WebProcess::didReceiveMessage): Forward the message to
m_soupRequestManager if it's a MessageClassWebSoupRequestManager
message.

(webkitSoupRequestGenericFinalize):
(webkit_soup_request_generic_init):
(webkitSoupRequestGenericSendAsync): Create a GSimpleAsyncResult
to handle the request and pass it to the WebSoupRequestManager.
(webkitSoupRequestGenericSendFinish): Finish the async operation
started by webkitSoupRequestGenericSendAsync() and return the
contents of the request as returned by WebSoupRequestManager.
(webkitSoupRequestGenericGetContentLength): Get the request
contents length.
(webkitSoupRequestGenericGetContentType): Get the request mime
type.
(webkit_soup_request_generic_class_init):
(webkitSoupRequestGenericSetContentLength): Set the request
contents length.
(webkitSoupRequestGenericSetContentType): Set the request mime
type.

WebProcess/soup/WebKitSoupRequestGeneric.h: Added.

WebProcess/soup/WebSoupRequestManager.cpp: Added.

(WebKit::generateSoupRequestID): Helper function to generate a
unique request identifier.
(WebKit::WebSoupRequestManager::WebSoupRequestManager):
(WebKit::WebSoupRequestManager::~WebSoupRequestManager):
(WebKit::WebSoupRequestManager::didReceiveMessage):
(WebKit::WebSoupRequestManager::registerURIScheme): Add the scheme
to the schemes array and add a new WebKitSoupRequestGeneric
feature with the new scheme list to the SoupRequester feature.
(WebKit::WebSoupRequestManager::handleURIRequest): Complete the
async operation by creating a GInputStream with the request data,
or setting an error in case of failure.
(WebKit::WebSoupRequestManager::send): Send DidReceiveURIRequest
message to the UI process.
(WebKit::WebSoupRequestManager::finish): Return the GInputStream
containing the request data.

WebProcess/soup/WebSoupRequestManager.h: Added.

WebProcess/soup/WebSoupRequestManager.messages.in: Added.

Source/WTF:

Add GPtrArray template to be able to use GRefPtr with GPtrArrays.

wtf/gobject/GRefPtr.cpp:

(WTF::refGPtr):
(WTF):
(WTF::derefGPtr):

wtf/gobject/GRefPtr.h:

(WTF):

wtf/gobject/GTypedefs.h:

Tools:

Scripts/webkitpy/style/checkers/cpp.py:

(check_identifier_name_in_declaration): Add webkit_soup prefix to
the list of exceptions to the underscores in identifiers rule.